GNOME Bugzilla – Bug 673822
nautilus crashed with SIGSEGV in _gdk_device_xi2_reset_scroll_valuators()
Last modified: 2016-03-06 03:26:06 UTC
The bug has been reported in https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/952546 "stacktrace from gtk 3.3.18
+ Trace 230033
The most recent duplicate uses gtk 3.4.0, note that all the bugs seem to come from nautilus so it could be a nautilus issue...
that seems a quite common bug, the launchpad bug got 21 duplicates
*** Bug 685403 has been marked as a duplicate of this bug. ***
Similar downstream bug report from gtk3-3.6.4: https://bugzilla.redhat.com/show_bug.cgi?id=906384

Core was generated by `/usr/bin/evolution'.
Program terminated with signal 11, Segmentation fault.
#0  _gdk_device_xi2_reset_scroll_valuators (device=device@entry=0x0) at gdkdevice-xi2.c:853
853       for (i = 0; i < device->scroll_valuators->len; i++)
+ Trace 231473
Thread 1 (Thread 0x7f2b3b2d0a00 (LWP 4306))
The Debian BTS tracks this issue under bug 699531 [1].

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699531
Sorry for the two superfluous posts. Bugzilla took over a minute to respond. :(
Created attachment 234958 [details] [review]
[PATCH] gdk/x11/gdkdevicemanager-xi2.c: Only call `_gdk_device_xi2_reset_scroll_valuators` with non-NULL argument

From 6bad241ae3b13200ca7a5741471927c81d220434 Mon Sep 17 00:00:00 2001
From: Paul Menzel <paulepanter@users.sourceforge.net>
Date: Fri, 1 Feb 2013 11:55:02 +0100
Subject: [PATCH] gdk/x11/gdkdevicemanager-xi2.c: Only call `_gdk_device_xi2_reset_scroll_valuators` with non-NULL argument

Due to

    commit 013da47a07d70ee40eab211850b4238f3fdb4b25
    Author: Carlos Garnacho <carlosg@gnome.org>
    Date: Thu Feb 23 18:24:37 2012 +0100

        gdk,xi2: Ensure scroll valuators are reset on window/device switch

Evolution and Nautilus could crash due to a NULL pointer dereference in `device->scroll_valuators->len` in `_gdk_device_xi2_reset_scroll_valuators`.

    $ more gdk/x11/gdkdevice-xi2.c
    […]
    void
    _gdk_device_xi2_reset_scroll_valuators (GdkX11DeviceXI2 *device)
    {
      guint i;

      for (i = 0; i < device->scroll_valuators->len; i++)
        {
          ScrollValuator *scroll;

          scroll = &g_array_index (device->scroll_valuators, ScrollValuator, i);
          scroll->last_value_valid = FALSE;
        }
    }
    […]

This was possible because `g_hash_table_lookup` can return NULL [1] which needs to be checked.

    Thread 1 (Thread 0xb5527890 (LWP 4212)):
    #0 0xb62492f4 in _gdk_device_xi2_reset_scroll_valuators (device=device@entry=0x0) at /build/buildd-gtk+3.0_3.4.2-4-i386-QQNfyz/gtk+3.0-3.4.2/./gdk/x11/gdkdevice-xi2.c:853
            i = 0

The reason for the non-existence of the value in the hash table needs further checking.

This issue is present since release 3.3.18.

    $ git tag --contains 013da47a | head -3
    3.3.18
    3.3.20
    3.4.0

Bugzilla: https://bugzilla.gnome.org/show_bug.cgi?id=673822

[1] http://developer.gnome.org/glib/2.29/glib-Hash-Tables.html#g-hash-table-lookup
---
 gdk/x11/gdkdevicemanager-xi2.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
Created attachment 234959 [details] [review]
[PATCH] gdk/x11/gdkdevice-xi2.c: Check pointer argument for being non-NULL

From 7d46eabd5ed83b473fe45156ab43b70e1aac5016 Mon Sep 17 00:00:00 2001
From: Paul Menzel <paulepanter@users.sourceforge.net>
Date: Fri, 1 Feb 2013 12:16:46 +0100
Subject: [PATCH] gdk/x11/gdkdevice-xi2.c: Check pointer argument for being non-NULL

As the pointer `device` is dereferenced in the for loop, the pointer needs to be checked for being non-NULL.

While at it, also check if the pointer is an X11 XI2 device.

Similar checks are also done in `_gdk_x11_device_xi2_get_id`.

Bugzilla: https://bugzilla.gnome.org/show_bug.cgi?id=673822
---
 gdk/x11/gdkdevice-xi2.c | 3 +++
 1 file changed, 3 insertions(+)
It seems these patches help me on Fedora 18. Thanks Paul for them.
Review of attachment 234959 [details] [review]: ::: gdk/x11/gdkdevice-xi2.c @@ +852,3 @@ + g_return_if_fail (device != NULL); + g_return_if_fail (GDK_IS_X11_DEVICE_XI2 (device)); we usually don't use g_return_* in private API: either use g_assert(), and catch the callers that use a NULL device, or do an explicit check and return without a warning. on stable releases, g_return_* will also evaluate to nothing, so it's doubtful it would help you. my personal preference is for the assertion failure, and figuring out why _gdk_device_xi2_reset_scroll_valuators() is being called with a NULL or an invalid device.
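Review bot: the `g_return_if_fail (device != NULL);` line at +852 makes the function return early but does not identify which caller passed NULL, and the commit message of this attachment names none. Attachment 234958 guards only the `g_hash_table_lookup` call site in gdkdevicemanager-xi2.c, so the commit message (or a comment above the check) should say whether any other call site can reach this function with a NULL device, so that the guard is not mistaken for a fix of the missing hash table entry.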
Review of attachment 234958 [details] [review]: ::: gdk/x11/gdkdevicemanager-xi2.c @@ +1548,3 @@ source_device = g_hash_table_lookup (device_manager->id_table, GUINT_TO_POINTER (xev->sourceid)); + if (source_device) { coding style: braces on a new line; indentation is 2 spaces. @@ +1551,3 @@ + gdk_event_set_source_device (event, source_device); + _gdk_device_xi2_reset_scroll_valuators (GDK_X11_DEVICE_XI2 (source_device)); + } this block is weird: it means we're receiving an event with a device that is not valid any more, or that we're receiving an event that is out of order. given the object lifetime management issues of X11, this may be a case of the former, which means we should ignore the event, not emit an event without a source device attached to it.
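Review bot: the `if (source_device) {` branch at +1548 has no `else` and no comment in the quoted lines, so an XI2 event whose `xev->sourceid` is missing from `device_manager->id_table` is handled silently. The commit message of this attachment says the reason for the missing entry needs further checking; add a comment or a debug message in the NULL case that records the sourceid, so the lookup failure stays visible while the root cause is still open.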
this is not happening anymore
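The two ways of handling a failed device lookup discussed in this thread (guard the call as in attachment 234958, or ignore the event as the review suggests), as an added example that is not code from GTK+ or from the attached patches. `Device`, `Event`, `id_table`, `lookup_device` and the `translate_*` functions are hypothetical stand-ins for the GDK types and the XI2 event translation code.

```c
#include <stdio.h>

/* Constructed stand-ins for the GDK types in the thread; this is not GDK code. */
typedef struct { int n_valuators; int last_value_valid[4]; } Device;
typedef struct { int sourceid; Device *source_device; } Event;
static Device *id_table[8];  /* plays the role of device_manager->id_table */

static Device *lookup_device(int id)  /* NULL when absent, like g_hash_table_lookup() */
{
    return (id >= 0 && id < 8) ? id_table[id] : NULL;
}

static void reset_scroll_valuators(Device *device)  /* no NULL check, as in the crash */
{
    for (int i = 0; i < device->n_valuators; i++)
        device->last_value_valid[i] = 0;
}

/* Attachment 234958: skip the reset, but still deliver the event. */
static int translate_guard_only(int sourceid, Event *ev)
{
    Device *src = lookup_device(sourceid);
    ev->sourceid = sourceid;
    ev->source_device = src;  /* stays NULL when the lookup failed */
    if (src)
        reset_scroll_valuators(src);
    return 1;
}

/* Review suggestion: ignore an event whose source device is unknown. */
static int translate_drop_unknown(int sourceid, Event *ev)
{
    Device *src = lookup_device(sourceid);
    if (src == NULL)
        return 0;
    ev->sourceid = sourceid;
    ev->source_device = src;
    reset_scroll_valuators(src);
    return 1;
}

int main(void)
{
    Device mouse = { 2, { 1, 1 } };
    Event ev = { 0, NULL };
    id_table[2] = &mouse;  /* constructed table: id 5 has no entry */
    int kept = translate_guard_only(5, &ev), sent = translate_drop_unknown(5, &ev);
    printf("id 5: guard-only delivered=%d, drop-unknown delivered=%d\n", kept, sent);
    return 0;
}
```

With the guard-only policy the event for the unknown id is still delivered and carries a NULL source device, so every later consumer has to tolerate that; with the drop policy no such event exists.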